Azure Bastion Module #844

Closed
scottharwell opened this issue May 10, 2022 · 0 comments
Labels
  • has_pr: PR fixes have been made
  • medium_priority: Medium priority
  • new_module_issue: Request to add a new module

@scottharwell
Contributor

SUMMARY

Support for configuration of Azure Bastion service configuration, info, and as a proxy for inventory connection to Azure-hosted virtual machines.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME
  • azure_rm_bastion
  • azure_rm_bastion_info
ADDITIONAL INFORMATION

In order to deliver a seamless automation experience against Azure hosts that exist in private or isolated subnets, the Azure Bastion Service provides an easy way to allow access to those services without the need to stand up and manage a custom Bastion host. This service allows for a cloud-native way to spin up a bastion connection on-demand, access the resources behind the bastion for automation, and then tear it down when no longer required. Support for this service will allow for more secure network topologies and network traversal and allow Ansible to deliver agentless configuration against isolated nodes in Azure.

The idea behind this module is that a bastion endpoint can be created as part of a play when a host or set of hosts is known to exist on a subnet with no direct access. The bastion could be configured and created at run time so that the remainder of the automation has access to the resources on the subnet and then, after automation is complete, shut down, air-gapping the network again.

- name: Create Bastion Host
  # A play requires hosts; delegate_to is a task-level keyword
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create bastion
      azure.azcollection.azure_rm_bastion:
        name: "{{ bastion_name }}"
        sku: standard
        instance_count: 2
        resource_group: "{{ resource_group }}"
        target_vnet: "{{ target_vnet }}"
        public_ip_address_name: "{{ public_ip_name }}"
        state: present
        tags:
          deployment: ansible
    # Pseudo code in the following tasks (names only, no module attached)
    - name: Extract bastion public IP
    - name: Update inventory proxy command to use bastion IP
    - name: Refresh inventory
    - name: Run automation on hosts
    # Destroy the bastion now that the actions have completed
    - name: Destroy bastion
      azure.azcollection.azure_rm_bastion:
        name: "{{ bastion_name }}"
        resource_group: "{{ resource_group }}"
        state: absent
@scottharwell scottharwell changed the title Azure Bastion Service Support Azure Bastion Module May 10, 2022
@Fred-sun Fred-sun added new_module_issue Request to add a new module medium_priority Medium priority work in In trying to solve, or in working with contributors labels May 17, 2022
@Fred-sun Fred-sun added has_pr PR fixes have been made and removed work in In trying to solve, or in working with contributors labels Jun 10, 2022